diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_mkdir.c | 12 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 6 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index a0bda7443..35d043dde 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
| @@ -57,12 +57,15 @@ static void mkdir_recursive(char *path) { | |||
| 57 | 57 | ||
| 58 | void fs_mkdir(const char *name) { | 58 | void fs_mkdir(const char *name) { |
| 59 | EUID_ASSERT(); | 59 | EUID_ASSERT(); |
| 60 | printf("****************************\n"); | ||
| 61 | |||
| 60 | 62 | ||
| 61 | // check directory name | 63 | // check directory name |
| 62 | invalid_filename(name); | 64 | invalid_filename(name); |
| 63 | char *expanded = expand_home(name, cfg.homedir); | 65 | char *expanded = expand_home(name, cfg.homedir); |
| 64 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) { | 66 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && |
| 65 | fprintf(stderr, "Error: only directories in user home are supported by mkdir\n"); | 67 | strncmp(expanded, "/tmp", 4) != 0) { |
| 68 | fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); | ||
| 66 | exit(1); | 69 | exit(1); |
| 67 | } | 70 | } |
| 68 | 71 | ||
| @@ -100,8 +103,9 @@ void fs_mkfile(const char *name) { | |||
| 100 | // check file name | 103 | // check file name |
| 101 | invalid_filename(name); | 104 | invalid_filename(name); |
| 102 | char *expanded = expand_home(name, cfg.homedir); | 105 | char *expanded = expand_home(name, cfg.homedir); |
| 103 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) { | 106 | if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && |
| 104 | fprintf(stderr, "Error: only files in user home are supported by mkfile\n"); | 107 | strncmp(expanded, "/tmp", 4) != 0) { |
| 108 | fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n"); | ||
| 105 | exit(1); | 109 | exit(1); |
| 106 | } | 110 | } |
| 107 | 111 | ||
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index d60d48072..cf2398ad4 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -156,7 +156,7 @@ Mount-bind directory1 on top of directory2. This option is only available when r | |||
| 156 | Mount-bind file1 on top of file2. This option is only available when running as root. | 156 | Mount-bind file1 on top of file2. This option is only available when running as root. |
| 157 | .TP | 157 | .TP |
| 158 | \fBmkdir directory | 158 | \fBmkdir directory |
| 159 | Create a directory in user home before the sandbox is started. | 159 | Create a directory in user home or under /tmp before the sandbox is started. |
| 160 | The directory is created if it doesn't already exist. | 160 | The directory is created if it doesn't already exist. |
| 161 | .br | 161 | .br |
| 162 | 162 | ||
| @@ -177,8 +177,8 @@ mkdir ~/.cache/mozilla/firefox | |||
| 177 | whitelist ~/.cache/mozilla/firefox | 177 | whitelist ~/.cache/mozilla/firefox |
| 178 | .TP | 178 | .TP |
| 179 | \fBmkfile file | 179 | \fBmkfile file |
| 180 | Similar to mkdir, this command creates a file in user home before the sandbox is started. | 180 | Similar to mkdir, this command creates a file in user home or under /tmp before the sandbox is started. |
| 181 | The file is created if it doesn't already exist, but it's target directory has to exist. | 181 | The file is created if it doesn't already exist. |
| 182 | .TP | 182 | .TP |
| 183 | \fBnoexec file_or_directory | 183 | \fBnoexec file_or_directory |
| 184 | Remount the file or the directory noexec, nodev and nosuid. | 184 | Remount the file or the directory noexec, nodev and nosuid. |